Changes between Initial Version and Version 1 of Ticket #32596


Ignore:
Timestamp:
Mar 25, 2021, 10:40:59 PM (4 years ago)
Author:
Chris Jerdonek
Comment:

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #32596 – Description

    initial v1  
    1 The `CsrfViewMiddleware` class's [https://github.com/django/django/blob/cac9ec73db35a6d38d33f271f4724da486c60e9f/django/middleware/csrf.py#L259-L379 process_view()`] method currently clocks in at 120 lines. If a method were added that encapsulates its HTTP referer logic (similar to how `CsrfViewMiddleware._origin_verified()` encapsulates its origin logic), its length could be cut in half. I think this would make the method a lot easier to maintain and understand. For example, in addition to being shorter, one optimization I'm thinking of would be easier to implement. This is because there's no way to "jump out" of an if-block, whereas with a method, you can return early.
     1The `CsrfViewMiddleware` class's [https://github.com/django/django/blob/cac9ec73db35a6d38d33f271f4724da486c60e9f/django/middleware/csrf.py#L259-L379 process_view()] method currently clocks in at 120 lines. If a method were added that encapsulates its HTTP referer logic (similar to how `CsrfViewMiddleware._origin_verified()` encapsulates its origin logic), its length could be cut in half. I think this would make the method a lot easier to maintain and understand. For example, in addition to being shorter, one optimization I'm thinking of would be easier to implement. This is because there's no way to "jump out" of an if-block, whereas with a method, you can return early.
    22
    33Given that the reason string for rejecting a request can vary in the referer case, I would suggest a method that raises an exception internal to the module, rather than returning a value. The call could then look something like this (it would go here: https://github.com/django/django/blob/cac9ec73db35a6d38d33f271f4724da486c60e9f/django/middleware/csrf.py#L283):
Back to Top